What do to when hacked!


New member
Hey guys,

I know I have not posted here in a while. The reason why is because my account was removed from the servers because of Email spam!

It was no ones fault but my own. It was a lack of knowledge... but here I am... I am here to share my findings with you so that you can avoid the same issues.

My wordpress sites was hacked and the core files of wordpress was altered. So no matter if I removed the hack scripts, they kept coming back because of the backdoors that was put in place in the original wordpress files.

The new hosting company I am with turned me onto:


This mod took about 30 mins to run... found ALL of the hacks on the server.. and with one click of a button... removed them without breaking my sites!

It is free... and well... they should be charging because it has cost me ALOT of money losing valued hosting accounts like this one.

SO... If you find yourself having spammer issues... Install this in your admin and let it go!

HUGE time and money saver.

I only came back here to share the info I have learned to help anyone else who may run into these issues!

Highest Regards,


Great link, Tony, and I'm glad you were able to fix your site! I've also found that plugin helpful, and it's a good thing for people using WordPress to know about.


New member
I have lost many traffic when my site was indicate getting malware on google webmaster. I dont know how to recover it again. I was successfull getting review reconsideration about that but still not helping my traffic come back. This is nightmare for me. :wacko:
This is one of the biggest reason why I have stayed away from Wordpress. Its so easily hacked. Even using the so called defense plugins is not always helpful. There are script kiddies that sit up night and day with their red bull trying to find weak spots in the code. It could be days before the problem is found and reported. Then it takes time for it to be included in the defense software. It seems everyone talks about google webmaster, but it seems no one use google to check out if their code is secure, or if their plugins are legit. What I find ironic, is not even a decade ago, any code that was released into the wild was pulled apart within hours and flaws posted right away. It was also sent to groups to look it over with a fine tooth comb, but today, coders write it, release it. Hackers take it, tear it apart, share the exploit with friends and maybe with in a week or 2, the exploit will be reported to the coder. Things have really changed now. If you ever want to see if your code is open to attacks, go to the web site called Oday, they have all the latest exploits of all CMS, PHP, APP etc out there.


Staff member
Agreed Strokerace. There is great risk involved, and irony is that because it is so easy to set up, you find your more inexperienced person who is not as security aware, working with WordPress sites.

Having said that though. WordPress is getting better at security. I've noticed a big difference in the last few months. WordPress security updates now get automatically updated. One can also choose to have all of the plugins automatically updated too.

But yes, no amount of security WordPress implements can compensate for the inexperience of new WordPress users. Finding a real "cool" plugin that is supposed to be premium, but comes bundled in for free at a third party site. Now how wonderful is that! Easy to dupe any one, even your most experienced WordPress users. And that happens every day.